[NLNOG] deploying RPKI based Origin Validation
M. Piscaer
debian at masterpe.nl
Thu Jul 12 23:44:28 CEST 2018
On 12-07-18 23:25, Job Snijders wrote:
> On Thu, Jul 12, 2018 at 09:09:44PM +0000, Weber, Markus wrote:
>>> Hoe/waar zijn jullie met implementaties van RPKI Origin Validation?
>>
>> AS286 is "prepared", but not yet rejecting anything.
>>
>> Once the customer cone is clean (or customers had enough time to get
>> their or their customer's or their customer customer's invalids
>> corrected), reject will be enabled (and not disabled again). Round
>> about a dozen of invalids of downstreams remain ...
>
> From my perspective you are almost squacky clean! I see two invalids
> 88.159.27.0/24 (invalid, but covered by valid route 88.159.0.0/16) and
> 94.103.31.0/24 (also covered by valid 94.103.16.0/20). I'm sure there
> are more, but if you drop these two prefixes it shouldn't result in loss
> of connectivity because there are covering valid routes.
>
A patently I needed to publish the RPKI cert of 88.159.27.0/24. Thanks
for the headsup.
<...>snap</snap>
Kind regards,
Michiel Piscaer
AS39309
Edutel BV
--
Network / System Engineer
Security Officer
E-mail: m.piscaer at edutel.nl
Telefoon: +31 88 787 0209
Fax: +31 88 787 0502
Mobiel: +31 6 16048782
Threema: PBPCM9X3
PGP: 0x592097DB
W3: www.edutel.nl
More information about the NLNOG
mailing list